One document matched: draft-jones-jose-aes-gcm-key-wrap-01.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
<?xml-stylesheet type='text/xsl' href='http://xml.resource.org/authoring/rfc2629.xslt' ?>
<?rfc toc="yes"?>
<?rfc tocompact="yes"?>
<?rfc tocdepth="4"?>
<?rfc tocindent="yes"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<rfc category="std" ipr="trust200902" docName="draft-jones-jose-aes-gcm-key-wrap-01">
<front>
<title>Key Wrapping with AES GCM for JWE</title>
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization>Microsoft</organization>
<address>
<email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri>
</address>
</author>
<date day="14" month="July" year="2013" />
<area>Security</area>
<workgroup>JOSE Working Group</workgroup>
<keyword>RFC</keyword>
<keyword>Request for Comments</keyword>
<keyword>I-D</keyword>
<keyword>Internet-Draft</keyword>
<keyword>JavaScript Object Notation</keyword>
<keyword>JSON</keyword>
<keyword>JSON Web Encryption</keyword>
<keyword>JWE</keyword>
<keyword>JSON Web Algorithms</keyword>
<keyword>JWA</keyword>
<abstract>
<t>
This specification defines how to encrypt (wrap) keys with the
AES GCM algorithm for JSON Web Encryption (JWE) objects.
</t>
</abstract>
</front>
<middle>
<section title="Introduction">
<t>
This specification defines how to encrypt (wrap) keys with the
AES GCM algorithm <xref target="AES"/> <xref target="NIST.800-38D"/>
for JSON Web Encryption (JWE) <xref target="JWE"/>
objects.
</t>
<section title='Notational Conventions'>
<t>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted as
described in
Key words for use in RFCs to Indicate Requirement Levels <xref target='RFC2119' />.
</t>
</section>
</section>
<section title="Terminology">
<t>
This specification uses the same terminology as the
JSON Web Encryption (JWE) <xref target="JWE"/> and
JSON Web Algorithms (JWA) <xref target="JWA"/>
specifications.
</t>
</section>
<section title="Key Encryption with AES GCM" anchor="KeyEncryptionGCM">
<t>
This section defines the specifics of encrypting a
JWE Content Encryption Key (CEK) with
Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM)
<xref target="AES"/> <xref target="NIST.800-38D"/>
using 128 or 256 bit keys.
The <spanx style="verb">alg</spanx> header parameter values
<spanx style="verb">A128GCMKW</spanx> or <spanx style="verb">A256GCMKW</spanx>
are respectively used in this case.
</t>
<t>
Use of an Initialization Vector of size 96 bits is
REQUIRED with this algorithm.
The Initialization Vector is represented in base64url encoded form
as the <spanx style="verb">iv</spanx> (initialization vector)
header parameter value.
</t>
<t>
The Additional Authenticated Data value used is
the empty octet string.
</t>
<t>
The requested size of the Authentication Tag output MUST be
128 bits, regardless of the key size.
</t>
<t>
The JWE Encrypted Key value is the Ciphertext output.
</t>
<t>
The Authentication Tag output is represented in base64url encoded form
as the <spanx style="verb">tag</spanx> (authentication tag)
header parameter value.
</t>
<section title="Header Parameters Used for AES GCM Key Encryption"
anchor="ParamsGCMKeyWrap">
<t>
The following Header Parameter Names are used for AES GCM key encryption.
They MAY also be used by other algorithms if so specified
by those algorithm parameter definitions.
</t>
<section title='"iv" (Initialization Vector) Header Parameter' anchor="ivDef">
<t>
The <spanx style="verb">iv</spanx> (initialization vector)
header parameter value is the base64url encoded representation of the
Initialization Vector value used for the key encryption operation.
This Header Parameter is REQUIRED and MUST be understood and processed
by implementations when these algorithms are used.
</t>
</section>
<section title='"tag" (Authentication Tag) Header Parameter' anchor="tagDef">
<t>
The <spanx style="verb">tag</spanx> (authentication tag)
header parameter value is the base64url encoded representation of the
Authentication Tag value resulting from the key encryption operation.
This Header Parameter is REQUIRED and MUST be understood and processed
by implementations when these algorithms are used.
</t>
</section>
</section>
</section>
<section title="IANA Considerations" anchor="IANA">
<section title="JSON Web Signature and Encryption Algorithms Registration">
<t>
This specification registers the algorithms defined in
<xref target="KeyEncryptionGCM"/> in the
JSON Web Signature and Encryption Algorithms registry <xref target="JWA"/>.
</t>
<section title='Registry Contents'>
<t> <?rfc subcompact="yes"?>
<list style='symbols'>
<t>
Algorithm Name: <spanx style="verb">A128GCMKW</spanx>
</t>
<t>
Algorithm Usage Location(s): <spanx style="verb">alg</spanx>
</t>
<t>
Implementation Requirements: OPTIONAL
</t>
<t>
Change Controller: IETF
</t>
<t>
Specification Document(s): <xref target="KeyEncryptionGCM" /> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Algorithm Name: <spanx style="verb">A256GCMKW</spanx>
</t>
<t>
Algorithm Usage Location(s): <spanx style="verb">alg</spanx>
</t>
<t>
Implementation Requirements: OPTIONAL
</t>
<t>
Change Controller: IETF
</t>
<t>
Specification Document(s): <xref target="KeyEncryptionGCM" /> of [[ this document ]]
</t>
</list>
</t>
</section>
<?rfc subcompact="no"?>
</section>
<section title="Registration of JWE Header Parameter Names" anchor="HdrReg">
<t>
This specification registers the Header Parameter Names defined in
<xref target="ParamsGCMKeyWrap"/> in the IANA
JSON Web Signature and Encryption Header Parameters registry
<xref target="JWS" />.
</t>
<section title="Registry Contents" anchor="HdrContents">
<t> <?rfc subcompact="yes"?>
<list style='symbols'>
<t>
Header Parameter Name: <spanx style="verb">iv</spanx>
</t>
<t>
Header Parameter Usage Location(s): JWE
</t>
<t>
Change Controller: IETF
</t>
<t>
Specification Document(s): <xref target="ivDef"/> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Header Parameter Name: <spanx style="verb">tag</spanx>
</t>
<t>
Header Parameter Usage Location(s): JWE
</t>
<t>
Change Controller: IETF
</t>
<t>
Specification Document(s): <xref target="tagDef"/> of [[ this document ]]
</t>
</list>
</t>
</section>
<?rfc subcompact="no"?>
</section>
</section>
<section title="Security Considerations" anchor="Security">
<t>
The security considerations in
<xref target="AES"/> and <xref target="NIST.800-38D"/>
also apply to this specification.
</t>
</section>
</middle>
<back>
<references title="Normative References">
<?rfc include='http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml' ?>
<reference anchor="JWS">
<front>
<title>JSON Web Signature (JWS)</title>
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization>Microsoft</organization>
<address>
<email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri>
</address>
</author>
<author fullname="John Bradley" initials="J." surname="Bradley">
<organization abbrev="Ping Identity">Ping Identity</organization>
<address>
<email>ve7jtb@ve7jtb.com</email>
</address>
</author>
<author fullname="Nat Sakimura" initials="N." surname="Sakimura">
<organization abbrev="NRI">Nomura Research Institute</organization>
<address>
<email>n-sakimura@nri.co.jp</email>
</address>
</author>
<date day="11" month="July" year="2013" />
</front>
<seriesInfo value="draft-ietf-jose-json-web-signature" name="Internet-Draft"/>
<format target="http://tools.ietf.org/html/draft-ietf-jose-json-web-signature" type="HTML" />
</reference>
<reference anchor="JWE">
<front>
<title>JSON Web Encryption (JWE)</title>
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization>Microsoft</organization>
<address>
<email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri>
</address>
</author>
<author fullname="Eric Rescorla" initials="E." surname="Rescorla">
<organization abbrev="RTFM">RTFM, Inc.</organization>
<address>
<email>ekr@rtfm.com</email>
</address>
</author>
<author fullname="Joe Hildebrand" initials="J." surname="Hildebrand">
<organization abbrev="Cisco">Cisco Systems, Inc.</organization>
<address>
<email>jhildebr@cisco.com</email>
</address>
</author>
<date day="11" month="July" year="2013" />
</front>
<seriesInfo value="draft-ietf-jose-json-web-encryption" name="Internet-Draft"/>
<format target="http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption" type="HTML" />
</reference>
<reference anchor="JWA">
<front>
<title>JSON Web Algorithms (JWA)</title>
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization>Microsoft</organization>
<address>
<email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri>
</address>
</author>
<date day="11" month="July" year="2013" />
</front>
<seriesInfo value="draft-ietf-jose-json-web-algorithms" name="Internet-Draft"/>
<format target="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms" type="HTML" />
</reference>
<reference anchor="AES">
<front>
<title>Advanced Encryption Standard (AES)</title>
<author>
<organization>National Institute of Standards and Technology (NIST)
</organization>
</author>
<date month="November" year="2001" />
</front>
<seriesInfo name="FIPS" value="PUB 197" />
<format target="http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf" type="PDF" />
</reference>
<reference anchor="NIST.800-38D">
<front>
<title>Recommendation for Block Cipher Modes of Operation:
Galois/Counter Mode (GCM) and GMAC</title>
<author>
<organization>National Institute of Standards and Technology (NIST)
</organization>
</author>
<date month="December" year="2001" />
</front>
<seriesInfo name="NIST" value="PUB 800-38D" />
<format target="http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf" type="PDF" />
</reference>
</references>
<section title='Document History'>
<t>
[[ to be removed by the RFC editor before publication as an RFC ]]
</t>
<t>
-01
<list style='symbols'>
<t>
Represented Initialization Vector and Authentication Tag values used as
header parameter values so as to be more parallel with their treatment
when using AES GCM for content encryption, per working group request.
</t>
</list>
</t>
<t>
-00
<list style='symbols'>
<t>
Created draft-jones-jose-aes-gcm-key-wrap.
</t>
</list>
</t>
</section>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-23 09:43:05 |